package com.permission.systempermission.config;

import com.permission.systempermission.comm.security.AuthenticationFailure;
import com.permission.systempermission.comm.security.AuthenticationSuccess;
import com.permission.systempermission.comm.security.JwtAuthenticationFilter;
import com.permission.systempermission.comm.security.LoginNoAuthentication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance(); // 不加密
//        return new BCryptPasswordEncoder(); // 加密
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(
                // 配置不需要认证的接口
                authorize -> authorize.antMatchers("/sys/login").anonymous()
                        .antMatchers("/swagger-ui.html").anonymous()
                        .antMatchers("/v2/**").anonymous()
                        .antMatchers("/swagger-resources/**").anonymous()
                        .antMatchers("/webjars/springfox-swagger-ui").anonymous()
                        .antMatchers("/webjars/springfox-swagger-ui/**").anonymous()
                        .anyRequest().authenticated()  // 所有请求需要认证
        );
        http.exceptionHandling(excaption -> {
            //请求未认证的接口
            excaption.authenticationEntryPoint((new LoginNoAuthentication()));
        });
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(new JwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        // 登录拦截器
        http.formLogin()
                .successHandler(new AuthenticationSuccess())
                .failureHandler(new AuthenticationFailure());
        http.csrf(csrf -> csrf.disable());
    }
}